Key Manager Plus

SSL/TLS certificate lifecycle management

-SSL certificate discovery

As the IT infrastructure of organizations expands, they procure certificates for every machine to safeguard their resources and domains. Additionally, developers often create many self-signed certificates to protect the internal network during the developmental stages of a product. Organizations often end up with thousands of certificates under their belt. Automating the discovery of certificates provides complete visibility over the certificate infrastructure to locate any rogue/invalid certificates and remediate them immediately.

Key Manager Plus takes care of scanning your entire network for certificates and consolidating them in a central repository. With Key Manager Plus, you can discover certificates from different sources, irrespective of the issuing CAs. It supports on-demand, scheduled, and recurrent discovery processes.

Identify certificates from varied endpoints

Key Manager Plus scans for SSL certificates in a variety of locations, including SMTP mail servers, load balancers, AWS, AD, MS-CA and Certificate Store, and shared directory paths. It checks all these varied endpoints to ensure that any existing certificate is not missed. You can even select a granular discovery process for it to follow, including only the certificates you require from the list of available certificates.

Rediscover to get the latest versions of certificates

With Key Manager Plus, you can schedule certificate discovery to happen on a recurrent basis, ensuring the repository remains up to date. It keeps track of the certificates and automatically recalls their source, allowing it to quickly retrieve the latest version of a certificate.

Discover certificates from inaccessible machines

Using agents, Key Manager Plus allows you to discover certificates from machines whose credentials are unavailable and those which are present in demilitarized zones. The agent connects with the Key Manager Plus server over a secure HTTPS connection and looks up to obtain periodic heartbeats of the target machine.

-Centralized SSL certificate management

As an organization scales its digital security, possessing thousands of certificates becomes tedious, yet inevitable. Since SSL/TLS certificates are prone to end-server vulnerabilities and man-in-the-middle attacks, burgeoning organizations need to extensively monitor their entire certificate infrastructure, ensuring that it is updated regularly to maintain certificate security, validity, and ownership.

Key Manager Plus securely maintains every discovered, created, issued, and imported certificate in one central repository. Admins can easily access the certificates and perform the required operations directly from the repository in just a few clicks.

Perform bulk operations on certificate groups

Performing bulk operations on multiple certificates won't be daunting anymore, thanks to certificate groups. Key Manager Plus allows you to create different groups of certificates which could be deployed in specific locations.

Seamlessly sign certificates with custom CAs

Key Manager Plus provides you with the flexibility to create your own custom CA root certificates. The root certificates are stored autonomously, and admins can use them to sign locally generated certificate requests.

Scan and remediate vulnerabilities

With Key Manager Plus, you can automate periodic scanning of certificates. Key Manager Plus follows best practices to keep SSL/TLS vulnerabilities at bay. It retrieves CRL and OCSP statuses, checks for Poodle and Heartbleed vulnerabilities, and flags the unsafe certificates. SSL 3.0 is completely disabled in Key Manager Plus to prevent weak cipher vulnerabilities.

-Creating and deploying wildcard SSL certificates

For any scaling organization with multiple subdomains, wildcard certificates are the future-proof way of securing their resources. A single private key is commonly used for a wildcard certificate, and if that key gets compromised, then all of its corresponding subdomains can easily become susceptible to vulnerabilities. The deployed wildcard certificates need to be validated periodically to preserve their security.

Key Manager Plus streamlines the deployment of wildcard certificates in multiple servers. It provides you with an efficient way to deploy all your certificates in the required target machine. Stay well-informed about your deployments with analytical reports that are generated periodically.

Deploy certificates automatically

Key Manager Plus automates the deployment of certificates in a desired location directly from its interface. Using agents, you can deploy the certificates on target machines residing in inaccessible demilitarized zones. Key Manager Plus allows you to deploy your certificates on any browser, IIS server, or platform-agnostic machine, as well as on AWS, the MS-Certificate Store, or an MDM. It enables multi-server deployment of a certificate as well as deploying a group of certificates in one target machine.

Secure your wildcard certificates

Organizations typically opt for wildcard certificates since they are more cost-effective than procuring, installing, and renewing a slew of certificates for each subdomain. Key Manager Plus enables you to deploy a wildcard certificate on multiple servers. To ensure only the latest version of the certificate is deployed on all the servers, Key Manager Plus automatically performs periodic synchronization checks.

Create your own certificates with ease

Key Manager Plus automates the creation of self-signed certificates, without requiring any command execution. They are securely maintained and monitored in the central repository. With the help of standardized templates, you can quickly create certificates signed with your private key.

-SSL certificate expiration alert

Every organization that uses spreadsheets to manually track all of its certificates from different Certificate Authorities (CA) gains limited visibility over the validity of those certificates. If a certificate expires, then it results in service downtime and security blindspots, costing your organization its revenue, trust, and confidential data. Besides tracking the validity of certificates, admins bear the overhead of tracking each domain's validity. If a domain expires, attackers can take advantage of this vulnerability to steal personal data and create fraudulent websites.

Key Manager Plus actively monitors and tracks the validity of your organization's certificates in one central repository. It sends periodic reports and timely alerts to domain owners, notifying them whenever certificates reach imminent expiry. Also, it supports on-demand and automatic renewal of certificates to ensure your domain functions undisrupted.

Get promptly notified of impending certificate expiry

With Key Manager Plus, you'll receive notifications about the certificates which will expire in a specified number of days, helping you plan proactively for timely renewal. It also allows admins to customize the content and frequency of email alerts.

Prevent unanticipated outages with auto-renewal

Key Manager Plus takes care of automating the renewal of certificates. It provides you with the flexibility to configure the number of days before which the certificates need to be auto-renewed. The renewed certificates are automatically deployed to their respective servers.

Eliminate unprecedented domain lapses

Key Manager Plus notifies you about any impending domain expiry associated with certificates in your repository, helping you safeguard your domain against invalidity and potential man-in-the-middle attacks. When prompted, it retrieves the exact date of expiry after performing a two-step WHOIS lookup.

-Generate a certificate signing request (CSR)

A typical Certificate Signing Request (CSR) consists of the details of an organization along with a pair of public and private keys to be sent to a Certificate Authority (CA). However, it becomes tedious and time-consuming when processing multiple CSRs, with each request requiring the same organization details but for a unique key pair. An organization might require thousands of certificates—which in turn yields thousands of CSRs . What's more, the CSR process often involves privileged admins who use an additional tool to sign CSRs, which leads to siloed IT management.

The applicants can save a lot of time and effort if the creation and management of CSRs are streamlined in one central location. Key Manager Plus provides visibility over the end-to-end management of CSRs, from generation, signing, to the acquisition of certificates. Track, organize, and manage every CSR that is created using Key Manager Plus, as well as those created externally.

Expedite the creation of CSR

Key Manager Plus allows you to create and maintain templates for faster and more efficient generation of CSRs . It allows you to enforce specific guidelines and create standard templates to comply with predefined policies. Every discovered, imported, and generated CSR is stored in one central repository for ease of access.

Sign CSRs with ease

With integrated signing, Key Manager Plus makes the process easy by allowing privileged admins to sign any existing CSR. Once a CSR is signed, the issued certificate will be automatically updated to the central repository.

Enforce certificate request approvals

Sometimes, non-privileged users might use a third-party tool to raise requests for certificates. Tracking the progress of each certificate request on a separate platform might lead to asynchronous errors. Key Manager Plus allows users to raise tickets for new certificates as well as add subdomains for existing certificates, even if they lack the privilege to create a CSR. The requesters can track the lifecycle of each request from Key Manager Plus.

- SSL/TLS public certificate authority integrations

The certificate infrastructure of organizations consists of certificates procured from different Certificate Authorities (CAs) to secure their exhaustive range of endpoints. Siloed management of certificates from different CAs often results in missing an expired certificate, which quickly leads to unexpected outages and service downtime. With Key Manager Plus, you can perform the required operations on certificates belonging to multiple CAs and secure their end-to-end lifecycle.

Once configured with Key Manager Plus, you can import, request, deploy, renew, revoke, and delete all of your certificates from a single interface, eliminating the need to shuffle between different CA screens. It allows you to track the status of each certificate request, renewal, and domain validation. Gain insights with analytical reports curated for the certificates managed by each CA.

Simplify the management of certificates from multiple CAs

From Key Manager Plus, you can manage the certificates from Let's Encrypt, DigiCert, GlobalSign, GoDaddy, ACME, MS-CA, Sectigo, and more. Key Manager Plus takes care of automated validation of the domain to procure and renew certificates. Each obtained certificate is automatically updated in the repository. It sends alerts for the expiring certificates and auto-renews them exactly 15 days before expiry.

Regulate the devices issued by your enterprise

With Mobile Device Manager Plus (ManageEngine's MDM software) integrated into Key Manager Plus, you can discover and import SSL certificates from your enterprise's managed devices. Key Manager Plus establishes a secure connection with the MDM server and you can effortlessly deploy your certificates on the chosen devices.

Monitor the certificates from AWS-ACM

Using Key Manager Plus, you can request both public and private certificates from ACM (AWS Certificate Manager). While ACM doesn't support the creation of new certificates, Key Manager Plus allows you to create the required certificates. It automatically redeploys the renewed certificates and periodically performs synchronization checks with ACM.

SSH key management

-Discover SSH keys and servers

Enterprises of all sizes prefer to follow an automated discovery process to track all the existing resources, leaving no keys unidentified lest they fall into the hands of malicious attackers. Key Manager Plus automatically discovers all the existing servers and keys across heterogeneous environments, providing you with an organized inventory of all the identified resources. The discovered and imported resources are instantly updated in the centralized repository.

Automatically discover all the active resources

Key Manager Plus provides you with the flexibility to automate the discovery of multiple resources from varied locations as well as import a list of resources in bulk. It supports on-demand, scheduled, and recurring discovery processes, presenting you with a detailed overview of each executed discovery.

Get inventory in sync with the latest additions

Upon discovery, resources need to be periodically synchronized in order for you to maintain an updated inventory. After discovery, Key Manager Plus automatically lists all the user accounts and keys residing in the discovered servers. This list can be updated on demand to include recently added user accounts and keys.

Access and manage data center resources

When data centers restrict direct access to a remote device via SSH, it could be connected through one or more landing servers. Once configured, Key Manager Plus automatically performs multiple hassle-free hops through the landing servers to reach the target device, eliminating the need to provide credentials for each hop.

-Consolidate, store, and regulate access to SSH resources

As an organization grows, it's only natural for its SSH keys to multiply exponentially. A centralized key inventory can help gain control of all the deployed keys, and prevent haphazard management. Key Manager Plus consolidates and maintains all the resources that are discovered, imported, and created in one central inventory with fine-grained access control workflows.

Since the encrypted private keys and passphrases are stored in this central repository, admins can access the servers only via Key Manager Plus, thus making it the exclusive SSH key gateway. Also, it could restrict certain users, if required, thereby authenticating users for remote access.

Get a holistic view of all the keys

Siloed processes could be cumbersome and might result in security risks. Even if one key gets compromised, it gives attackers the ability to bring down the entire network. With Key Manager Plus, you can easily access all keys and perform required operations on them from a unified platform. Identify the ownership and status of each key, view each key's history, import and export keys and credentials—all from a single place.

Curb the risk of orphaned keys

Orphaned keys are left behind when a user leaves an organization without disassociating the related keys. Also, when a user still has access to sensitive keys even after their privileged access ceases, it results in misuse of keys. Key Manager Plus takes care of it promptly by automatically disassociating the keys when a user account gets deleted. Using its key-user account relationship mapping, it can easily identify and delete the unused keys in the network.

Stay on top of user activities

Administrators need to be able to detect anomalies quickly and take appropriate remedial actions to stay away from the risk of key compromise. Key Manager Plus tracks each user's activity and records their trails along with timestamps. It also has dedicated audit pages for Key Rotation, Key Association, Discovery, and Schedule operations to capture every detail of the activity performed.

-Creation and deployment of SSH keys

As more resources are added to an organization's network, the number of SSH keys associated with them significantly rises. Usually, the keys are subjected to siloed management that does not provide holistic visibility into their life cycles. It could potentially lead to IT admins losing track of the keys created, thus exposing the SSH environment to security vulnerabilities.

Key Manager Plus tracks the newly created keys and maintains the existing keys in one unified inventory. It automates the creation, association, and deployment operations. Based on the specified algorithm, it allows you to create new pairs of encrypted keys with strong passphrases, which can be associated with the required user accounts.

Enforce access control

Without centralized control, any user could create and duplicate keys, thus resulting in key sprawl. Key Manager Plus allows only authorized administrators to perform the one-time setup of highly sensitive key operations, such as creation and association, thereby providing an additional layer of restriction.

Set up an organization-wide policy

Without constant monitoring, numerous keys could be chaotically strewn around the network. To enable a fresh start, these keys need to be wiped down completely. With Key Manager Plus, you can either overwrite all the existing keys, thus generating new key associations altogether, or you can leave the current key associations undisturbed and just append the new keys.

Perform bulk operations easily

Manually performing key management operations on thousands of keys is a tedious process. Key Manager Plus allows you to create numerous groups of keys and quickly perform operations on them in bulk. With its group management capability, you can associate, create, and deploy multiple keys in a few quick steps.

Securely push keys to remote servers

When multiple remote servers require access to private keys, manually provisioning them to each server can be time-consuming and prone to risks. Key Manager Plus automates this process by directly pushing the private keys from the central repository to the remote servers and user accounts, thus preventing potential downtime.

-SSH keys rotation

As keys proliferate, it gets harder for IT admins to keep track of the purpose of each existing key. As a result, they might refrain from rotating the keys whose status they are unsure of. If SSH keys remain static for a prolonged period, it only increases the chances for them to be compromised. Key Manager Plus bolsters the security of keys by auto-rotating them periodically.

Maintain consistent rotation cycles

Since SSH keys do not come with an expiry date, it is best practice to rotate them regularly to prevent misuse. Key Manager Plus enables systematic rotation of keys: You can perform on-demand rotation in a single click or schedule the keys to be rotated automatically on a recurrent basis.

Efficiently rotate numerous keys in groups

It is cumbersome to rotate thousands of keys and their accompanying passphrases manually. Key Manager Plus allows you to form multiple groups of keys and perform bulk rotation on them, helping you save time when a multitude of keys are involved. After every rotation, each private key is encrypted with a new passphrase.

Get notified about static keys

During each rotation, a new pair of private and public keys will be generated so the keys are renewed and maintained securely. The longer the keys are in existence without being rotated, the greater the threat they pose. Key Manager Plus has dedicated dashboard widgets to inform you about the keys that have not been rotated for a long time. It also allows you to configure the maximum number of days for a key to remain un-rotated, after which you will be promptly notified.

-Secure access to remote resources

Connecting to a remote server involves supplying private keys to a remote access tool each time a connection needs to be established. Key Manager Plus eliminates the need for an external tool as it takes care of issuing the keys automatically to access the remote server.

After establishing connection with a remote server, a user can perform operations as needed on any file by executing commands. Access to these files needs to be regulated so only authorized admins can read and write the files. When anyone who has access to a system's public key can view and edit its files, it increases the chances of security compromises. Key Manager Plus precisely addresses these concerns with a slew of secure features to automate remote operations and restrict access to remote systems.

Connect directly with remote servers

Manually connecting to multiple remote systems requires keys and passphrases to be provided each time you're trying to open a secure shell. Key Manager Plus automates the remote connection, delivering the credentials, and launching the terminal in a single click. Each session is recorded so administrators can track the executed commands.

Fortify keys with multiple layers of security

During a terminal session with a remote system, a user could extract confidential information by issuing sensitive commands. With Key Manager Plus, you can set restrictions for a user so they can only perform specific commands, which will be automatically executed on establishing a connection with the host. Also, to prevent anyone with the key from accessing a resource, Key Manager Plus allows access to keys only if they're from the user-defined IP addresses. This adds an additional layer of security, thus impeding access from a stolen key.

Restrict access to the authorized_keys file

The authorized_keys file residing in a system consists of a list of public SSH keys that are authorized to access that system. It's a crucial configuration file whose access needs to be restricted to prevent creation of unsolicited SSH pathways to critical systems. Key Manager Plus automates the maintenance, enabling only authorized admins to access and edit the file.

Securely transfer files

Files transferred using the Secure Copy Protocol are done via SSH tunneling. When this transfer is further authenticated using SSH keys, you can be assured that the files sent and received are twice as secured. With Key Manager Plus, you can safely transfer files to a remote system.

SSL/TLS certificate lifecycle management

-SSL certificate discovery

As the IT infrastructure of organizations expands, they procure certificates for every machine to safeguard their resources and domains. Additionally, developers often create many self-signed certificates to protect the internal network during the developmental stages of a product. Organizations often end up with thousands of certificates under their belt. Automating the discovery of certificates provides complete visibility over the certificate infrastructure to locate any rogue/invalid certificates and remediate them immediately.

Key Manager Plus takes care of scanning your entire network for certificates and consolidating them in a central repository. With Key Manager Plus, you can discover certificates from different sources, irrespective of the issuing CAs. It supports on-demand, scheduled, and recurrent discovery processes.

Identify certificates from varied endpoints

Key Manager Plus scans for SSL certificates in a variety of locations, including SMTP mail servers, load balancers, AWS, AD, MS-CA and Certificate Store, and shared directory paths. It checks all these varied endpoints to ensure that any existing certificate is not missed. You can even select a granular discovery process for it to follow, including only the certificates you require from the list of available certificates.

Rediscover to get the latest versions of certificates

With Key Manager Plus, you can schedule certificate discovery to happen on a recurrent basis, ensuring the repository remains up to date. It keeps track of the certificates and automatically recalls their source, allowing it to quickly retrieve the latest version of a certificate.

Discover certificates from inaccessible machines

Using agents, Key Manager Plus allows you to discover certificates from machines whose credentials are unavailable and those which are present in demilitarized zones. The agent connects with the Key Manager Plus server over a secure HTTPS connection and looks up to obtain periodic heartbeats of the target machine.

-Centralized SSL certificate management

As an organization scales its digital security, possessing thousands of certificates becomes tedious, yet inevitable. Since SSL/TLS certificates are prone to end-server vulnerabilities and man-in-the-middle attacks, burgeoning organizations need to extensively monitor their entire certificate infrastructure, ensuring that it is updated regularly to maintain certificate security, validity, and ownership.

Key Manager Plus securely maintains every discovered, created, issued, and imported certificate in one central repository. Admins can easily access the certificates and perform the required operations directly from the repository in just a few clicks.

Perform bulk operations on certificate groups

Performing bulk operations on multiple certificates won't be daunting anymore, thanks to certificate groups. Key Manager Plus allows you to create different groups of certificates which could be deployed in specific locations.

Seamlessly sign certificates with custom CAs

Key Manager Plus provides you with the flexibility to create your own custom CA root certificates. The root certificates are stored autonomously, and admins can use them to sign locally generated certificate requests.

Scan and remediate vulnerabilities

With Key Manager Plus, you can automate periodic scanning of certificates. Key Manager Plus follows best practices to keep SSL/TLS vulnerabilities at bay. It retrieves CRL and OCSP statuses, checks for Poodle and Heartbleed vulnerabilities, and flags the unsafe certificates. SSL 3.0 is completely disabled in Key Manager Plus to prevent weak cipher vulnerabilities.

-Creating and deploying wildcard SSL certificates

For any scaling organization with multiple subdomains, wildcard certificates are the future-proof way of securing their resources. A single private key is commonly used for a wildcard certificate, and if that key gets compromised, then all of its corresponding subdomains can easily become susceptible to vulnerabilities. The deployed wildcard certificates need to be validated periodically to preserve their security.

Key Manager Plus streamlines the deployment of wildcard certificates in multiple servers. It provides you with an efficient way to deploy all your certificates in the required target machine. Stay well-informed about your deployments with analytical reports that are generated periodically.

Deploy certificates automatically

Key Manager Plus automates the deployment of certificates in a desired location directly from its interface. Using agents, you can deploy the certificates on target machines residing in inaccessible demilitarized zones. Key Manager Plus allows you to deploy your certificates on any browser, IIS server, or platform-agnostic machine, as well as on AWS, the MS-Certificate Store, or an MDM. It enables multi-server deployment of a certificate as well as deploying a group of certificates in one target machine.

Secure your wildcard certificates

Organizations typically opt for wildcard certificates since they are more cost-effective than procuring, installing, and renewing a slew of certificates for each subdomain. Key Manager Plus enables you to deploy a wildcard certificate on multiple servers. To ensure only the latest version of the certificate is deployed on all the servers, Key Manager Plus automatically performs periodic synchronization checks.

Create your own certificates with ease

Key Manager Plus automates the creation of self-signed certificates, without requiring any command execution. They are securely maintained and monitored in the central repository. With the help of standardized templates, you can quickly create certificates signed with your private key.

-SSL certificate expiration alert

Every organization that uses spreadsheets to manually track all of its certificates from different Certificate Authorities (CA) gains limited visibility over the validity of those certificates. If a certificate expires, then it results in service downtime and security blindspots, costing your organization its revenue, trust, and confidential data. Besides tracking the validity of certificates, admins bear the overhead of tracking each domain's validity. If a domain expires, attackers can take advantage of this vulnerability to steal personal data and create fraudulent websites.

Key Manager Plus actively monitors and tracks the validity of your organization's certificates in one central repository. It sends periodic reports and timely alerts to domain owners, notifying them whenever certificates reach imminent expiry. Also, it supports on-demand and automatic renewal of certificates to ensure your domain functions undisrupted.

Get promptly notified of impending certificate expiry

With Key Manager Plus, you'll receive notifications about the certificates which will expire in a specified number of days, helping you plan proactively for timely renewal. It also allows admins to customize the content and frequency of email alerts.

Prevent unanticipated outages with auto-renewal

Key Manager Plus takes care of automating the renewal of certificates. It provides you with the flexibility to configure the number of days before which the certificates need to be auto-renewed. The renewed certificates are automatically deployed to their respective servers.

Eliminate unprecedented domain lapses

Key Manager Plus notifies you about any impending domain expiry associated with certificates in your repository, helping you safeguard your domain against invalidity and potential man-in-the-middle attacks. When prompted, it retrieves the exact date of expiry after performing a two-step WHOIS lookup.

-Generate a certificate signing request (CSR)

A typical Certificate Signing Request (CSR) consists of the details of an organization along with a pair of public and private keys to be sent to a Certificate Authority (CA). However, it becomes tedious and time-consuming when processing multiple CSRs, with each request requiring the same organization details but for a unique key pair. An organization might require thousands of certificates—which in turn yields thousands of CSRs . What's more, the CSR process often involves privileged admins who use an additional tool to sign CSRs, which leads to siloed IT management.

The applicants can save a lot of time and effort if the creation and management of CSRs are streamlined in one central location. Key Manager Plus provides visibility over the end-to-end management of CSRs, from generation, signing, to the acquisition of certificates. Track, organize, and manage every CSR that is created using Key Manager Plus, as well as those created externally.

Expedite the creation of CSR

Key Manager Plus allows you to create and maintain templates for faster and more efficient generation of CSRs . It allows you to enforce specific guidelines and create standard templates to comply with predefined policies. Every discovered, imported, and generated CSR is stored in one central repository for ease of access.

Sign CSRs with ease

With integrated signing, Key Manager Plus makes the process easy by allowing privileged admins to sign any existing CSR. Once a CSR is signed, the issued certificate will be automatically updated to the central repository.

Enforce certificate request approvals

Sometimes, non-privileged users might use a third-party tool to raise requests for certificates. Tracking the progress of each certificate request on a separate platform might lead to asynchronous errors. Key Manager Plus allows users to raise tickets for new certificates as well as add subdomains for existing certificates, even if they lack the privilege to create a CSR. The requesters can track the lifecycle of each request from Key Manager Plus.

- SSL/TLS public certificate authority integrations

The certificate infrastructure of organizations consists of certificates procured from different Certificate Authorities (CAs) to secure their exhaustive range of endpoints. Siloed management of certificates from different CAs often results in missing an expired certificate, which quickly leads to unexpected outages and service downtime. With Key Manager Plus, you can perform the required operations on certificates belonging to multiple CAs and secure their end-to-end lifecycle.

Once configured with Key Manager Plus, you can import, request, deploy, renew, revoke, and delete all of your certificates from a single interface, eliminating the need to shuffle between different CA screens. It allows you to track the status of each certificate request, renewal, and domain validation. Gain insights with analytical reports curated for the certificates managed by each CA.

Simplify the management of certificates from multiple CAs

From Key Manager Plus, you can manage the certificates from Let's Encrypt, DigiCert, GlobalSign, GoDaddy, ACME, MS-CA, Sectigo, and more. Key Manager Plus takes care of automated validation of the domain to procure and renew certificates. Each obtained certificate is automatically updated in the repository. It sends alerts for the expiring certificates and auto-renews them exactly 15 days before expiry.

Regulate the devices issued by your enterprise

With Mobile Device Manager Plus (ManageEngine's MDM software) integrated into Key Manager Plus, you can discover and import SSL certificates from your enterprise's managed devices. Key Manager Plus establishes a secure connection with the MDM server and you can effortlessly deploy your certificates on the chosen devices.

Monitor the certificates from AWS-ACM

Using Key Manager Plus, you can request both public and private certificates from ACM (AWS Certificate Manager). While ACM doesn't support the creation of new certificates, Key Manager Plus allows you to create the required certificates. It automatically redeploys the renewed certificates and periodically performs synchronization checks with ACM.

SSH key management

-Discover SSH keys and servers

Enterprises of all sizes prefer to follow an automated discovery process to track all the existing resources, leaving no keys unidentified lest they fall into the hands of malicious attackers. Key Manager Plus automatically discovers all the existing servers and keys across heterogeneous environments, providing you with an organized inventory of all the identified resources. The discovered and imported resources are instantly updated in the centralized repository.

Automatically discover all the active resources

Key Manager Plus provides you with the flexibility to automate the discovery of multiple resources from varied locations as well as import a list of resources in bulk. It supports on-demand, scheduled, and recurring discovery processes, presenting you with a detailed overview of each executed discovery.

Get inventory in sync with the latest additions

Upon discovery, resources need to be periodically synchronized in order for you to maintain an updated inventory. After discovery, Key Manager Plus automatically lists all the user accounts and keys residing in the discovered servers. This list can be updated on demand to include recently added user accounts and keys.

Access and manage data center resources

When data centers restrict direct access to a remote device via SSH, it could be connected through one or more landing servers. Once configured, Key Manager Plus automatically performs multiple hassle-free hops through the landing servers to reach the target device, eliminating the need to provide credentials for each hop.

-Consolidate, store, and regulate access to SSH resources

As an organization grows, it's only natural for its SSH keys to multiply exponentially. A centralized key inventory can help gain control of all the deployed keys, and prevent haphazard management. Key Manager Plus consolidates and maintains all the resources that are discovered, imported, and created in one central inventory with fine-grained access control workflows.

Since the encrypted private keys and passphrases are stored in this central repository, admins can access the servers only via Key Manager Plus, thus making it the exclusive SSH key gateway. Also, it could restrict certain users, if required, thereby authenticating users for remote access.

Get a holistic view of all the keys

Siloed processes could be cumbersome and might result in security risks. Even if one key gets compromised, it gives attackers the ability to bring down the entire network. With Key Manager Plus, you can easily access all keys and perform required operations on them from a unified platform. Identify the ownership and status of each key, view each key's history, import and export keys and credentials—all from a single place.

Curb the risk of orphaned keys

Orphaned keys are left behind when a user leaves an organization without disassociating the related keys. Also, when a user still has access to sensitive keys even after their privileged access ceases, it results in misuse of keys. Key Manager Plus takes care of it promptly by automatically disassociating the keys when a user account gets deleted. Using its key-user account relationship mapping, it can easily identify and delete the unused keys in the network.

Stay on top of user activities

Administrators need to be able to detect anomalies quickly and take appropriate remedial actions to stay away from the risk of key compromise. Key Manager Plus tracks each user's activity and records their trails along with timestamps. It also has dedicated audit pages for Key Rotation, Key Association, Discovery, and Schedule operations to capture every detail of the activity performed.

-Creation and deployment of SSH keys

As more resources are added to an organization's network, the number of SSH keys associated with them significantly rises. Usually, the keys are subjected to siloed management that does not provide holistic visibility into their life cycles. It could potentially lead to IT admins losing track of the keys created, thus exposing the SSH environment to security vulnerabilities.

Key Manager Plus tracks the newly created keys and maintains the existing keys in one unified inventory. It automates the creation, association, and deployment operations. Based on the specified algorithm, it allows you to create new pairs of encrypted keys with strong passphrases, which can be associated with the required user accounts.

Enforce access control

Without centralized control, any user could create and duplicate keys, thus resulting in key sprawl. Key Manager Plus allows only authorized administrators to perform the one-time setup of highly sensitive key operations, such as creation and association, thereby providing an additional layer of restriction.

Set up an organization-wide policy

Without constant monitoring, numerous keys could be chaotically strewn around the network. To enable a fresh start, these keys need to be wiped down completely. With Key Manager Plus, you can either overwrite all the existing keys, thus generating new key associations altogether, or you can leave the current key associations undisturbed and just append the new keys.

Perform bulk operations easily

Manually performing key management operations on thousands of keys is a tedious process. Key Manager Plus allows you to create numerous groups of keys and quickly perform operations on them in bulk. With its group management capability, you can associate, create, and deploy multiple keys in a few quick steps.

Securely push keys to remote servers

When multiple remote servers require access to private keys, manually provisioning them to each server can be time-consuming and prone to risks. Key Manager Plus automates this process by directly pushing the private keys from the central repository to the remote servers and user accounts, thus preventing potential downtime.

-SSH keys rotation

As keys proliferate, it gets harder for IT admins to keep track of the purpose of each existing key. As a result, they might refrain from rotating the keys whose status they are unsure of. If SSH keys remain static for a prolonged period, it only increases the chances for them to be compromised. Key Manager Plus bolsters the security of keys by auto-rotating them periodically.

Maintain consistent rotation cycles

Since SSH keys do not come with an expiry date, it is best practice to rotate them regularly to prevent misuse. Key Manager Plus enables systematic rotation of keys: You can perform on-demand rotation in a single click or schedule the keys to be rotated automatically on a recurrent basis.

Efficiently rotate numerous keys in groups

It is cumbersome to rotate thousands of keys and their accompanying passphrases manually. Key Manager Plus allows you to form multiple groups of keys and perform bulk rotation on them, helping you save time when a multitude of keys are involved. After every rotation, each private key is encrypted with a new passphrase.

Get notified about static keys

During each rotation, a new pair of private and public keys will be generated so the keys are renewed and maintained securely. The longer the keys are in existence without being rotated, the greater the threat they pose. Key Manager Plus has dedicated dashboard widgets to inform you about the keys that have not been rotated for a long time. It also allows you to configure the maximum number of days for a key to remain un-rotated, after which you will be promptly notified.

-Secure access to remote resources

Connecting to a remote server involves supplying private keys to a remote access tool each time a connection needs to be established. Key Manager Plus eliminates the need for an external tool as it takes care of issuing the keys automatically to access the remote server.

After establishing connection with a remote server, a user can perform operations as needed on any file by executing commands. Access to these files needs to be regulated so only authorized admins can read and write the files. When anyone who has access to a system's public key can view and edit its files, it increases the chances of security compromises. Key Manager Plus precisely addresses these concerns with a slew of secure features to automate remote operations and restrict access to remote systems.

Connect directly with remote servers

Manually connecting to multiple remote systems requires keys and passphrases to be provided each time you're trying to open a secure shell. Key Manager Plus automates the remote connection, delivering the credentials, and launching the terminal in a single click. Each session is recorded so administrators can track the executed commands.

Fortify keys with multiple layers of security

During a terminal session with a remote system, a user could extract confidential information by issuing sensitive commands. With Key Manager Plus, you can set restrictions for a user so they can only perform specific commands, which will be automatically executed on establishing a connection with the host. Also, to prevent anyone with the key from accessing a resource, Key Manager Plus allows access to keys only if they're from the user-defined IP addresses. This adds an additional layer of security, thus impeding access from a stolen key.

Restrict access to the authorized_keys file

The authorized_keys file residing in a system consists of a list of public SSH keys that are authorized to access that system. It's a crucial configuration file whose access needs to be restricted to prevent creation of unsolicited SSH pathways to critical systems. Key Manager Plus automates the maintenance, enabling only authorized admins to access and edit the file.

Securely transfer files

Files transferred using the Secure Copy Protocol are done via SSH tunneling. When this transfer is further authenticated using SSH keys, you can be assured that the files sent and received are twice as secured. With Key Manager Plus, you can safely transfer files to a remote system.